RESOLVED: Some providers have been discarded due to unexpected errors

[jonfen]

Issue

Running Ubuntu 20.04.4 LTS via Windows Subsystem for Linux (WSL) on Windows 11 if you receive this error "Some providers have been discarded due to unexpected errors" try adding the --debug flag. In my case, I saw 'SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type'

This is saying that the SSL security level is set too high on Ubuntu 20.04 to work with those providers.

Request

Provide a user-friendly error to the user if the OS SSL Security is too high -- or increase the security.

Workaround

Lower the SSL Security Level to 1 on Ubuntu 20.04

Edit openssl.conf file:

sudo nano /etc/ssl/openssl.cnf Extra points if you use vi

Add this line to the top:

openssl_conf = openssl_init

And these lines to the very bottom:

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1

[pitsi]

Sorry for bringing this back up, but I was about to open an issue about discarded providers and I just came accross your solution. I am on openssl 3.0.3 though (debian testing/unstable x64). Also, ubuntu 22.04 is on 3.0.2, so this may interest someone else too.

All the forementioned parts are already there, so there is nothing to add, but the last one under [system_default_sect] is a bit different

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=2

Any ideas? It would also be nice if the above were set only for the user instead of being system wide.

[markonius]

Yeah, I don't wanna do this system wide, is it possible to set it for subliminal? Or via an environment variable?

[ronilaukkarinen]

Yeah, I don't wanna do this system wide, is it possible to set it for subliminal? Or via an environment variable?

Interested in this as well.

[pitsi]

Can someone please try the solution described here with "export=blablabla"?
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

I would try it, but I have nothing that needs subs right now.

---edit
I tried it just now, with a popular movie and with english as the language for the subs, so it would definitely find at least one from all those providers. And unfortunately, nothing has changed.
Then I changed the system's configuration on the forementioned file, but it still gives me the same errors, so I assume something bigger has changed with openssl's upgrade from 1.1.x to 3.x.
If anyone is on ubuntu 20.04 or older or debian 11 or older or any other distro that still uses openssl 1.1.x, please offer some feedback about the workaround.

[pitsi]

I got access to a vm with debian 11 yesterday and tried the workaround mentioned at the start. I am delighted to say that it works flawlessly. Zero errors, just a confirmation that 1 subtitle file was downloaded.

So, besides request above for a way to change the settings for the user only and not system wide, what other changes must be done for the distros that are on libssl 3.x?

[kurokirasama]

just found this tool, and I have this issue. I tried suggested workarounds but the problem persist. I'm in ubuntu 20.04

[dekomote]

import requests

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'DEFAULT@SECLEVEL=1'

Adding this on the top of each provider module (e.g. providers/podnapisi.py) will fix it for that provider.
I would do a PR but it's a bit of a hack really.

[stingwraith]

import requests

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'DEFAULT@SECLEVEL=1'

Adding this on the top of each provider module (e.g. providers/podnapisi.py) will fix it for that provider. I would do a PR but it's a bit of a hack really.

This doesn't seem to work for me. Still getting errors about 'Wrong signature type' from SSL. I'm running Windows 10.

[benpietras]

Just run the below after signing up for an account.

subliminal --debug --opensubtitles "username" "password" download -p opensubtitles -l en .

[MasterMind2k]

SSL certificate for Podnapisi.NET should be solved now.